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REMARKS 

Claims 1-4, 6-36, and 38-69 are pending and under consideration in this application. 
Claims 68 and 69 are added herein. Claims 1, 33, 65, 66, and 67 have been amended. Claims 
3 and 35 have been canceled herein without prejudice or disclaimer. Support for the 
amendment to claims 1 , 33, 65, 66, and 67 may be found in the claims as originally filed and, in 
particular, in claims 3 and 35. Support for new claims 68 and 69 may be found in the 
specification at page 16, lines 5-20. Further reconsideration is requested based on the 
foregoing amendment and the following remarks. 

Response to Arguments: 

The Applicants appreciate the consideration given to their arguments. The Applicants, 
however, are disappointed that their arguments were not found to be persuasive. The final 
Office Action asserts in section 34, at page 10, lines 8 to 12, that: 

Regarding that to which is claimed by applicants, legality of an access request is 
best understood given broadest reasonable interpretation, the access request 
being a message being sent to a server from a client device where and legality of 
the messages understood as the determination of whether or not a message 
should or should not be allowed to be forwarded to a server. 

Determining whether or not a message should or should not be allowed to be forwarded to a 
server, however, only amounts to screening the message. No estimate of the legality of the 
messages is performed in Howard. Rather, in Howard, if a message matches an illegal search 
string it is deemed to be illegal. The fact that a message does not match an illegal search string 
leads to no estimate of the legality of the message. Rather, the message is simply forwarded to 
the server without comment. The third clause of claim 1 , in contrast, recites, "a pattern 
estimation unit which estimates legality of an access request based on the illegal access 
patterns stored in the illegal pattern database and on a predetermined pattern estimation rule." 

The final Office Action goes on to assert in section 34, at page 10, lines 12 to 14, that: 

This interpretation is based on what is provided in the applicants filed 
specification for example on page 13, lines 13-20. Therefore what is taught by 
Howard is deemed to be within the scope of the claimed limitation. 

The subject application describes at page 13, lines 13 to 20: 

Although not shown in Fig. 2, the illegal request DB 33 also stores a plurality of 
illegal command character strings each of which executes an arbitrary system 
command on the Web server 40. By storing the patterns of these command 
character strings in the illegal request DB 33, it is possible to protect the Web 
server 40 not only from an illegal access using a known attacking method but also 
an illegal access using an unknown attacking method. 
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Howard describes no ability to protect a Web server from an illegal access using an unknown 
attacking method, as described in the specification. Howard, rather, compares an input search 
string to a database of known attack patterns. Even so, support for the third clause of claim 1 is 
not limited to that paragraph of the specification cited in the final Office Action. As described 
further at page 13, lines 21 to 25, continuing at page 14, lines 1 to 5: 

By referring to the illegal request DB 33, the estimation section 32 estimates the 
legality of the HTTP request based on a predetermined estimation rule 32a. 
Specifically, if the HTTP request corresponds to any one of the illegal access 
patterns stored in the illegal request DB 33, the estimation section 32 estimates 
that the HTTP request is an illegal access. If the HTTP request does not 
correspond to any illegal access patterns stored in the illegal request DB 33, the 
estimation section 32 estimates that the HTTP request is a legal access. 

Howard, on the other hand, describes no estimation section 32 estimating the legality of an 
HTTP request based on a predetermined estimation rule 32a, let alone "a pattern estimation unit 
which estimates legality of an access request based on the illegal access patterns stored in the 
illegal pattern database and on a predetermined pattern estimation rule," as recited in the third 
clause of claim 1 . 

The final Office Action asserts in section 35, at page 10, lines 18 to 22, continuing at 
page 11, lines 1 and 2, that: 

Howard teaches in column 7, line 66 - column 9, line 20 the evaluation of input 
strings to determine the presence of input strings. Howard teaches in column 7, 
lines 24-30 the use of memory which contains one or more patterns that have 
been defined and make up a pattern collection. Therefore, in view of point (a) 
and what his further taught by Howard, Howard does teach on the claim limitation 
"a pattern estimation unit which estimates legality of an access request based on 
the illegal access patterns stored in the illegal pattern database and on a 
predetermined pattern estimation rule". 

To the contrary, Howard describes no "pattern estimation unit which estimates legality of an 
access request based on the illegal access patterns stored in the illegal pattern database and on 
a predetermined pattern estimation rule," as recited in the third clause of claim 1 . Howard, 
rather, is only determining whether or not a message should or should not be allowed to be 
forwarded to a server, Le. screening the message, as discussed above. Memory location 304, 
in particular, stores search patterns that the pattern matching engine 302 can use to evaluate an 
input string to determine whether it likely constitutes an attack on the server, iLe. whether it is an 
illegal search string. In particular, as described at column 8, lines 24 to 34: 

In the FIG. 4 embodiment, input string screening tool 300 includes a pattern 
matching engine 302 and a memory location 304. Memory location 304 contains 
one or more patterns that have been defined and make up a pattern collection 
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306. The patterns are stored in the memory location and are accessible to the 
screening tool for evaluating input strings. The pattern matching engine can 
retrieve one or more search patterns and use them to evaluate an input string to 
determine whether it likely constitutes an attack on the Web server. 

Howard needs no "a pattern estimation unit which estimates legality of an access request based 
on the illegal access patterns stored in the illegal pattern database and on a predetermined 
pattern estimation rule," as recited in the third clause of claim 1 , for that. Further reconsideration 
is thus requested. 

Objections to the Claims: 

Claim 65 was objected to for an informality. Claim 65 was amended in substantial accord 
with the Examiner's suggestions. The Examiner's suggestions are appreciated. Withdrawal of 
the objection is earnestly solicited. 

Claim Rejections - 35 U.S.C. § 102: 

Claims 1, 2, 33, 34, 65, 66, and 67 were rejected under 35 U.S.C. § 102(b) as anticipated 
by U.S. Patent No. 7,051,368 to Howard et al. (hereinafter "Howard"). The rejection is traversed 
to the extent it might apply to the claims as amended. Reconsideration is earnestly solicited. 

The third clause of claim 1 recites: 

A pattern estimation unit which estimates legality of an access request based on 
the illegal access patterns stored in the illegal pattern database and on a 
predetermined pattern estimation rule. 

Howard neither teaches, discloses, nor suggests estimating the legality of an access request," 
let alone "a pattern estimation unit which estimates legality of an access request based on the 
illegal access patterns stored in the illegal pattern database and on a predetermined pattern 
estimation rule," as recited in claim 1. Howard, rather, screens input strings to identify strings 
that contain attack patterns that can be used to attack a Web server. Attack patterns are not 
contained in legal access requests. In particular, as described at column 1 , lines 7-12: 

This invention relates to methods and systems for screening input strings that are 
intended for use by Web servers. In particular, the invention pertains to methods 
and systems for identifying input strings that contain attack patterns that can be 
used to attack a Web server, and, in some instances, reacting to the attack 
patterns once identified. 

Since Howard screens input strings to identify attack patterns that can be used to attack a Web 
server, Howard is not estimating "legality of an access request based on the illegal access 
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patterns stored in the illegal pattern database and on a predetermined pattern estimation rule," 
as recited in claim 1 . 

Howard, furthermore, is screening input strings. In particular, as described at column 2, 
lines 14 and 15: 

Methods and systems of screening input strings that are intended for use by a 
Web server are described. 

Since Howard is screening input strings, Howard is not estimating the "legality of an access 
request," as recited in claim 1. 

Furthermore, in Howard, an input string that is intended for use by a Web server is 
received and evaluated using the search pattern to ascertain whether an attack pattern is 
present. In particular, as described at column 2, lines 20-25: 

An input string that is intended for use by a Web server is received and evaluated 
using the search pattern to ascertain whether the attack pattern is present. If an 
attack pattern is found that matches the search pattern, then a remedial action is 
implemented. 

Since Howard evaluates an input string to ascertain whether an attack pattern is present, 
Howard is not estimating the "legality of an access request," as recited in claim 1 . 

Finally, in Howard, an input string is evaluated using the search pattern to ascertain 
whether an attack pattern is present. In particular, as described at column 8, lines 52-67: 

A Web server input string screening method comprising: 

determining an attack pattern that can be used to attack a Web server, the attack 

pattern comprising content that is determined as constituting one or more of a 

disclosure attack or an integrity attack on the Web server, 

defining a search pattern that can be used to detect the attack pattern, the search 

pattern being defined in a manner that permits variability among its constituent 

parts; 

receiving an input string that is intended for use by a Web server; 
evaluating the input string using the search pattern to ascertain whether the 
attack pattern is present; and 

implementing a remedial action if an attack pattern is found that matches the 
search pattern. 

Since Howard evaluates an input string to ascertain whether an attack pattern is present, 
Howard is not estimating the "legality of an access request," as recited in claim 1. 

The fifth clause of claim 1 recites: 

A transmission unit which controls transmission of the access request based on 
the determination result of the pattern determination unit so as to transmit the 
access request to the server when the access request is estimated to be legal. 
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Howard neither teaches, discloses, nor suggests transmitting "the access request to the server 
when the access request is estimated to be legal," let alone "a transmission unit which controls 
transmission of the access request based on the determination result of the pattern 
determination unit so as to transmit the access request to the server when the access request is 
estimated to be legal," as recited in claim 1 . No estimate is made in Howard of the "legality of an 
access request," as discussed above. Howard, rather, processes any input string as long as 
there are no attack patterns present in the input string. In particular, as described at column 7, 
lines 36-45: 

Step 206 receives an input string from the client that is intended for use by the 
Web server, and step 208 evaluates the input string using one or more of the 
search patterns. Step 210 determines whether any of the attack patterns are 
present in the input string. An attack pattern is present if a match is found for the 
search pattern in the input string. If there are no attack patterns present in the 
input string, then step 212 processes the input string or request that is associated 
with the input string. 

Since Howard screens input strings to identify attack patterns that can be used to attack a Web 
server, Howard is not transmitting "the access request to the server when the access request is 
estimated to be legal," as recited in claim 1 . 

Howard, furthermore, implements a remedial action if an attack pattern is identified to be 
associated with the input string. In particular, as described at column 7, lines 47-51 : 

If, on the other hand, there is an attack pattern that is identified to be associated 
with the input string (i.e. an attack pattern is found in the input string that matches 
the search pattern), then step 214 implements a remedial action. 

Since Howard implements a remedial action if an attack pattern is identified to be associated 
with the input string, Howard is not transmitting "the access request to the server when the 
access request is estimated to be legal," as recited in claim 1 . 

Howard, finally, denies a request that is associated with the input string having an attack 
pattern. Howard does not mention treatment accorded any input string that has no attack 
patterns present in the input string. In particular, as described at column 7, lines 51-58: 

Remedial actions can be any actions that are associated with minimizing or 
eliminating the effect that an attack pattern can have on the Web server. In but 
one example, this can include denying a request that is associated with the input 
string. For example, in the case of an input string that is a URL, this could mean 
returning an error message to the client to the effect that the request could not be 
executed. 
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Since Howard denies a request that is associated with the input string having an attack pattern, 
Howard is not transmitting "the access request to the server when the access request is 
estimated to be legal," as recited in claim 1. 

Claim 1 has been amended to include the subject matter of former claim 3, as discussed 
above. The sixth and seventh clauses of claim 1 , in particular, now recite: 

The pattern estimation unit calculates a predetermined estimation value 
according to a degree of correspondence of the access requests to the illegal 
access patterns stored in the illegal pattern database; and 
the pattern determination unit compares the estimation value calculated by the 
pattern estimation unit with a predetermined threshold value, and determines 
whether the access request is to be transmitted to the server. 

The final Office Action acknowledges in section 14, at page 5, that "Howard does not 
explicitly teach of wherein the pattern estimation unit calculates a predetermined estimation 
value according... " The final Office Action attempts to compensate for this deficiency of Howard 
by combining Howard with Carter. Carter, however, is not calculating "a predetermined 
estimation value according to a degree of correspondence of the access requests to the illegal 
access patterns stored in the illegal pattern database," or comparing "the estimation value 
calculated by the pattern estimation unit with a predetermined threshold value," to "determine 
whether the access request is to be transmitted to the server," either, and thus cannot make up 
for the deficiencies of Howard with respect to claim 1 . In Carter, rather, if the system could not 
recognize an occurrence which threatened the network's security by consulting its knowledge 
base, the system would draw comparisons to prior occurrences to infer appropriate 
countermeasures. In particular, as described in paragraph [0006]: 

The system monitors network operations to detect occurrences which threaten 
the network's security. The system would attempt to recognize these occurrences, 
by consulting its knowledge base, to determine the correct response. If the 
occurrence is not recognized, the system would preferably have the additional 
capability of drawing comparisons to prior occurrences to infer appropriate 
countermeasures. 

Since, in Carter, if the system could not recognize an occurrence which threatened the network's 
security by consulting its knowledge base, the system would draw comparisons to prior 
occurrences to infer appropriate countermeasures, Carter is not calculating "a predetermined 
estimation value according to a degree of correspondence of the access requests to the illegal 
access patterns stored in the illegal pattern database," or comparing "the estimation value 
calculated by the pattern estimation unit with a predetermined threshold value," to "determine 
whether the access request is to be transmitted to the server," as recited in claim 1 . 
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Nor is the threshold function described in paragraph [0 447] of Carter a "predetermined 
threshold value," as recited in claim 1 . The threshold function in Carter, rather, is the argument 
of a neuron's activation function, as described in [0449]: 

[0449] The Activation Function, denoted by 0 k determines the output Y k of 
neuron k. The value of the Threshold Function v k is the argument of the Activation 
Function <t> k . The Activation Function 0 may assume a variety of forms. The 
flexibility in the forms of <t> enables the Neural Network to more efficiently learn 
knowledge of greater complexity. 

The activation function, in turn, limits the amplitude of the neuron's output, as described 
at paragraph [0443]: 

[0443] An activation function limits the amplitude of a neuron's output. The 
activation function is also referred to as a squashing function in that it squashes 
(limits) the permissible amplitude range of the output signal to some finite value. 

Since the threshold function in Carter is the argument of a neuron's activation function, 
and the activation function limits the amplitude of the neuron's output, Carter is not comparing 
"the estimation value calculated by the pattern estimation unit with a predetermined threshold 
value," to "determine whether the access request is to be transmitted to the server," as recited in 
claim 1. Claim 1 is submitted to be allowable. Withdrawal of the rejection of claim 1 is earnestly 
solicited. 

Claim 2 depends from claim 1 and adds further distinguishing elements. Claim 2 is thus 
also submitted to be allowable. Withdrawal of the rejection of claim 2 is also earnestly solicited. 

Claims 33 and 34: 

The second clause of claim 33 recites: 

A pattern estimation unit which estimates legality of an access request based on 
the illegal access patterns stored in the illegal pattern database and on a 
predetermined pattern estimation rule. 

Howard neither teaches, discloses, nor suggests "a pattern estimation unit which estimates 
legality of an access request based on the illegal access patterns stored in the illegal pattern 
database and on a predetermined pattern estimation rule," as discussed above with respect to 
the rejection of claim 1 . 

The fourth clause of claim 33 recites: 

Controlling transmission of the access request based on determination result of 
the pattern determination step so as to transmit the access request to the server 
when the access request is estimated to be legal. 
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Howard neither teaches, discloses, nor suggests "controlling transmission of the access request 
based on determination result of the pattern determination step so as to transmit the access 
request to the server when the access request is estimated to be legal," as also discussed 
above with respect to the rejection of claim 1 . 

The fifth and sixth clauses of claim 33 recite: 

The pattern estimation step includes calculating a predetermined estimation value 
according to a degree of correspondence of the access requests to the illegal 
access patterns stored in the illegal pattern database; and 
the pattern determination step includes comparing the estimation value calculated 
in the pattern estimation step with a predetermined threshold value, and 
determining whether the access request is to be transmitted to the server. 

Neither Howard nor Carter teach, disclose, or suggest calculating "a predetermined estimation 
value according to a degree of correspondence of the access request and the illegal access 
patterns stored in the illegal pattern database," or comparing "the estimation value calculated by 
the pattern estimation unit with a predetermined threshold value," to "determine whether the 
access request is to be transmitted to the server," as discussed above with respect to the 
rejection of claim 1 . Claim 33 is submitted to be allowable for at least those reasons discussed 
above with respect to the rejection of claim 1 . Withdrawal of the rejection of claim 33 is 
earnestly solicited. 

Claim 34 depends from claim 33 and adds further distinguishing elements. Claim 34 is 
thus also submitted to be allowable. Withdrawal of the rejection of claim 34 is also earnestly 
solicited. 

Claim 65: 

The second clause of claim 65 recites: 

Estimating legality of an access request based on the illegal access patterns 
referred to and on a predetermined pattern estimation rule. 

Howard neither teaches, discloses, nor suggests "estimating legality of an access request based 
on the illegal access patterns referred to and on a predetermined pattern estimation rule," as 
discussed above with respect to the rejection of claim 1 . 

The fourth clause of claim 65 recites: 

Controlling transmission of the access request based on determination result of 
the pattern determination step so as to transmit the access request to the server 
when the access request is estimated to be legal. 
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Howard neither teaches, discloses, nor suggests "controlling transmission of the access request 
based on determination result of the pattern determination step so as to transmit the access 
request to the server when the access request is estimated to be legal," as also discussed 
above with respect to the rejection of claim 1 . 

The fifth and sixth clauses of claim 65 recite: 

The pattern estimation step includes calculating a predetermined estimation value 
according to a degree of correspondence of the access requests to the illegal 
access patterns stored in the illegal pattern database; and 
the pattern determination step includes comparing the estimation value calculated 
in the pattern estimation step with a predetermined threshold value, and 
determining whether the access request is to be transmitted to the server. 

Neither Howard nor Carter teach, disclose, or suggest calculating "a predetermined estimation 
value according to a degree of correspondence of the access request and the illegal access 
patterns stored in the illegal pattern database," or comparing "the estimation value calculated by 
the pattern estimation unit with a predetermined threshold value," to "determine whether the 
access request is to be transmitted to the server," as discussed above with respect to the 
rejection of claim 1 . Claim 65 is submitted to be allowable for at least those reasons discussed 
above with respect to the rejection of claim 1 . Withdrawal of the rejection of claim 65 is 
earnestly solicited. 

Claim 66: 

The fourth clause of claim 66 recites: 

Estimating legality of an access request based on the illegal access patterns 
referred to and on a predetermined pattern estimation rule. 

Howard neither teaches, discloses, nor suggests "estimating legality of an access request based 
on the illegal access patterns referred to and on a predetermined pattern estimation rule," as 
discussed above with respect to the rejection of claim 1 . 

The fifth clause of claim 66 recites: 

Determining whether the access request is to be transmitted to the server based 
on the estimate of the legality of the access request. 

Howard neither teaches, discloses, nor suggests "determining whether the access 
request is to be transmitted to the server based on the estimate of the legality of the access 
request," as also discussed above with respect to the rejection of claim 1. 

The sixth and seventh clauses of claim 66 recite: 

The estimating includes calculating a predetermined estimation value according 

Page 28 of 35 



Serial No. 10/087,807 

to a degree of correspondence of the access request to the pattern of illegal 
access stored in the illegal pattern database; and 
the determining includes comparing the estimation value calculated in the 
estimating with a predetermined threshold value, and determining whether the 
access request is to be transmitted to the server. 

Neither Howard nor Carter teach, disclose, or suggest calculating "a predetermined estimation 
value according to a degree of correspondence of the access request and the illegal access 
patterns stored in the illegal pattern database," or comparing "the estimation value calculated by 
the pattern estimation unit with a predetermined threshold value," to "determine whether the 
access request is to be transmitted to the server," as discussed above with respect to the 
rejection of claim 1 . Claim 66 is submitted to be allowable for at least those reasons discussed 
above with respect to the rejection of claim 1 . Withdrawal of the rejection of claim 66 is 
earnestly solicited. 

Claim 67: 

The second clause of claim 67 recites: 

Estimating a legality of an access request based on an illegal access pattern 
stored in an illegal pattern database and on a predetermined pattern estimation 
rule. 

Howard neither teaches, discloses, nor suggests "estimating a legality of an access request 
based on an illegal access pattern stored in an illegal pattern database and on a predetermined 
pattern estimation rule," as discussed above with respect to the rejection of claim 1 . 

The third clause of claim 67 recites: 

Determining whether the access request is to be abandoned based on the 
estimate of the legality of the access request. 

Howard neither teaches, discloses, nor suggests "determining whether the access request is to 
be transmitted to the server based on the estimate of the legality of the access request," as 
recited in claim 67. Howard, rather, denies requests associated with input strings having an 
attack pattern, as discussed above with respect to the rejection of claim 1 . 

The fourth and fifth clauses of claim 67 recite: 

The estimating includes calculating a predetermined estimation value according 
to a degree of correspondence of the access request to the pattern of illegal 
access stored in the illegal pattern database; and 

the determining includes comparing the estimation value to a predetermined 
threshold value, and determining whether the access request is to be abandoned. 
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Neither Howard nor Carter teach, disclose, or suggest calculating "a predetermined estimation 
value according to a degree of correspondence of the access request and the illegal access 
patterns stored in the illegal pattern database," or comparing "the estimation value calculated by 
the pattern estimation unit with a predetermined threshold value," to "determine whether the 
access request is to be transmitted to the server," as discussed above with respect to the 
rejection of claim 1 . Claim 67 is submitted to be allowable for at least those reasons discussed 
above with respect to the rejection of claim 1 . Withdrawal of the rejection of claim 67 is 
earnestly solicited. 

Claim Rejections - 35 U.S.C. § 103: 

Claims 4, 6-19, 26-30, 36, 38-51 , and 58-62 were rejected under 35 U.S.C. § 103 as 
being unpatentable over Howard in view of US 2003/0051026 to Carter et al. (hereinafter 
"Carter"). The rejection is traversed to the extent it might apply to the claims as amended. 
Reconsideration is earnestly solicited. 

Claims 4, 6-19 and 26-30 depend from claim 1 and add further distinguishing elements. 
Howard neither teaches, discloses, nor suggests "a pattern estimation unit which estimates 
legality of an access request based on the illegal access patterns stored in the illegal pattern 
database and on a predetermined pattern estimation rule," or "a transmission unit which controls 
transmission of the access request based on the determination result of the pattern 
determination unit so as to transmit the access request to the server when the access request is 
estimated to be legal," as discussed above with respect to the rejection of claim 1 . 

Carter does not either, and thus cannot make up for this deficiency of Howard with 
respect to claims 4, 6-19 and 26-30. Thus, even if Howard were combined as proposed in the 
final Office Action, the claimed invention would not result. 

Finally, the final Office Action provides no motivation or suggestion to combine the 
teachings of Howard, Carter and Cahill as required by 35 U.S.C. § 103(a) and the M.P.E.R 
§706.02(j)(D), beyond an assertion that "(o)ne of ordinary skill in the art at the time of the 
invention would have been motivated to make the above mentioned modifications for the 
reasons discussed in Carter, Paragraph [0005]". 

In paragraph [0005], however, Carter fails to mention any reason at all to include a 
pattern estimation unit which estimates legality of an access request based on the illegal access 
patterns stored in the illegal pattern database, as recited in claim 1 . Thus, even if persons of 
ordinary skill in the art would have been motivated by paragraph [0005] of Carter at the time of 
the invention, there is no reason to believe the claimed invention would have been the result. 
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Claims 4, 6-19 and 26-30 are submitted to be allowable. Withdrawal of the rejection of claims 4, 
6-19 and 26-30 is earnestly solicited. 

Claims 36, 38-47. 48-51 and 58-62: 

Claims 36, 38-47, 48-51, and 58-62 depend from claim 33 and add further distinguishing 
elements. Howard neither teaches, discloses, nor suggests "a pattern estimation unit which 
estimates legality of an access request based on the illegal access patterns stored in the illegal 
pattern database and on a predetermined pattern estimation rule," or "controlling transmission of 
the access request based on determination result of the pattern determination step so as to 
transmit the access request to the server when the access request is estimated to be legal," as 
discussed above with respect to the rejection of claim 33. 

Carter does not either, and thus cannot make up for this deficiency of Howard with 
respect to claims 36, 38-47, 48-51 , and 58-62. Thus, even if Howard were combined as 
proposed in the final Office Action, the claimed invention would not result. Claims 36, 38-47, 48- 
51, and 58-62 are submitted to be allowable. Withdrawal of the rejection of claims 36, 38-47, 
48-51 , and 58-62 is earnestly solicited. 

Claims 31 32. 63, and 64: 

Claims 31 , 32, 63, and 64 were rejected under 35 U.S.C. § 103 as being unpatentable 
over Howard and Carter, and further in view of US 6,535,855 to Cahill et al. (hereinafter "Cahill"). 
The rejection is traversed. Reconsideration is earnestly solicited. 

Claims 31 and 32 depend from claim 1 and add further distinguishing elements. Neither 
Howard nor Carter teach, disclose, or suggest "a pattern estimation unit which estimates legality 
of an access request based on the illegal access patterns stored in the illegal pattern database 
and on a predetermined pattern estimation rule," or "a transmission unit which controls 
transmission of the access request based on the determination result of the pattern 
determination unit so as to transmit the access request to the server when the access request is 
estimated to be legal," as discussed above. 

Cahill does not either, and thus cannot make up for this deficiency of Howard and Carter 
with respect to claims 31 and 32. Thus, even if Howard, Carter and Cahill were combined, as 
proposed in the final Office Action, the claimed invention would not result. 

Finally, the final Office Action provides no motivation or suggestion to combine the 
teachings of Howard, Carter and Cahill as required by 35 U.S.C. § 103(a) and the M.P.E.R 
§706.02(j)(D), beyond an assertion that "(o)ne of ordinary skill in the art at the time of the 
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invention would have been motivated to make the above mentioned modifications for the 
reasons discussed in Carter, Paragraph [0026]". 

In paragraph [0026], however, while Carter opines that monitoring and protecting network 
communication over the Internet is a major purpose of network surveillance and security 
systems, Carter fails to mention any reason at all to include a pattern estimation unit which 
estimates legality of an access request based on the illegal access patterns stored in the illegal 
pattern database, as recited in claim 1 . Thus, even if persons of ordinary skill in the art would 
have been motivated by paragraph [0026] of Carter at the time of the invention, there is no 
reason to believe the claimed invention would be at all the result. Claims 31 and 32 are thus 
also submitted to be allowable. Withdrawal of the rejection of claims 31 and 32 is earnestly 
solicited. 

Claims 63 and 64: 

Claims 63 and 64 depend from claim 33 and add further distinguishing elements. 
Neither Howard nor Carter teach, disclose, or suggest ""a pattern estimation unit which 
estimates legality of an access request based on the illegal access patterns stored in the illegal 
pattern database and on a predetermined pattern estimation rule," or "controlling transmission of 
the access request based on determination result of the pattern determination step so as to 
transmit the access request to the server when the access request is estimated to be legal," as 
discussed above. 

Cahill does not either, and thus cannot make up for this deficiency of Howard and Carter 
with respect to claims 63 and 64. Thus, even if Howard, Carter and Cahill were combined, as 
proposed in the final Office Action, the claimed invention would not result. 

Finally, the final Office Action provides no motivation or suggestion to combine the 
teachings of Fuh, Carter and Cahill as required by 35 U.S.C. § 103(a) and the M.P.E.P. 
§706.02G)(D), beyond an assertion that "(o)ne of ordinary skill in the art at the time of the 
invention would have been motivated to make the above mentioned modifications for the 
reasons discussed in Carter, Paragraph [0026]", as discussed above. Claims 63 and 64 are 
submitted to be allowable. Withdrawal of the rejection of claims 63 and 64 is earnestly solicited. 

Claims 20.21.52 and 53: 

Claims 20, 21, 52 and 53 were rejected under 35 U.S.C. § 103 as being unpatentable 
over Howard in view of US Patent Application Publication 2002/0165894 to Kashani et al. 
(hereinafter "Kashani") and US Patent Application Publication 2003/0135555 to Birrel etal. 



Page 32 of 35 



Serial No. 10/087,807 

(hereinafter "Birrel"). The rejection is traversed to the extent it might apply to the ciairns as 
amended. Reconsideration is earnestly solicited. 

Claims 20 and 21 depend from claim 1 and add further distinguishing elements. Howard 
neither teaches, discloses, nor suggests "a pattern estimation unit which estimates legality of an 
access request based on the illegal access patterns stored in the illegal pattern database and on 
a predetermined pattern estimation rule," or "a transmission unit which controls transmission of 
the access request based on the determination result of the pattern determination unit so as to 
transmit the access request to the server when the access request is estimated to be legal," as 
discussed above with respect to the rejection of claim 1 . 

Neither Kashani nor Birrel do not either, and thus cannot make up for this deficiency of 
Howard with respect to claims 20 and 21 . Thus, even if Howard, Kashani and Birrel were 
combined as proposed in the final Office Action, the claimed invention would not result. Claims 
20 and 21 are submitted to be allowable. Withdrawal of the rejection of claims 20 and 21 is 
earnestly solicited. 

Claims 52 and 53: 

Claims 52 and 53 depend from claim 33 and add further distinguishing elements. 
Howard neither teaches, discloses, nor suggests "a pattern estimation unit which estimates 
legality of an access request based on the illegal access patterns stored in the illegal pattern 
database and on a predetermined pattern estimation rule," or "controlling transmission of the 
access request based on determination result of the pattern determination step so as to transmit 
the access request to the server when the access request is estimated to be legal," as 
discussed above with respect to the rejection of claim 33. 

Neither Kashani nor Birrel do not either, and thus cannot make up for this deficiency of 
Howard with respect to claims 52 and 53. Thus, even if Howard, Kashani and Birrel were 
combined as proposed in the final Office Action, the claimed invention would not result. Claims 
52 and 53 are submitted to be allowable. Withdrawal of the rejection of claims 52 and 53 is 
earnestly solicited. 

Claims 22-25 and 54-57: 

Claims 22-25 and 54-57 were rejected under 35 U.S.C. § 103 as being unpatentable over 
Howard in view of Carter and Kashani. The rejection is traversed. Reconsideration is earnestly 
solicited. 
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Claims 22-25 depend from ciaim 1 and add further distinguishing elements. Howard 
neither teaches, discloses, nor suggests "a pattern estimation unit which estimates legality of an 
access request based on the illegal access patterns stored in the illegal pattern database and on 
a predetermined pattern estimation rule," or "a transmission unit which controls transmission of 
the access request based on the determination result of the pattern determination unit so as to 
transmit the access request to the server when the access request is estimated to be legal," as 
discussed above with respect to the rejection of claim 1 . 

Neither Carter nor Kashani do either, and thus cannot make up for this deficiency of 
Howard with respect to claims 22-25. Thus, even if Howard, Carter and Kashani were combined 
as proposed in the final Office Action, the claimed invention would not result. Claims 22-25 are 
submitted to be allowable. Withdrawal of the rejection of claims 22-25 is earnestly solicited. 

Claims 54-57: 

Claims 54-57 depend from claim 33 and add further distinguishing elements. 

Howard neither teaches, discloses, nor suggests "a pattern estimation unit which 
estimates legality of an access request based on the illegal access patterns stored in the illegal 
pattern database and on a predetermined pattern estimation rule," or "controlling transmission of 
the access request based on determination result of the pattern determination step so as to 
transmit the access request to the server when the access request is estimated to be legal," as 
discussed above with respect to the rejection of claim 33. Neither Carter nor Kashani do either, 
and thus cannot make up for this deficiency of Howard with respect to claims 54-57. Thus, even 
if Howard, Carter and Kashani were combined as proposed in the final Office Action, the claimed 
invention would not result. Claims 54-57 are submitted to be allowable. Withdrawal of the 
rejection of claims 54-57 is earnestly solicited. 

New claims 68 and 69: 

Claims 68 and 69 depend from claim 1 and add further distinguishing elements. Claim 
68, for example, recites "wherein the external transmission unit selectively edits illegal access 
information on an access request which is not transmitted to the server by the access request 
transmission unit," while claim 69 recites "wherein the illegal access information is selected from 
the group consisting of a content of the access request, an address and a host name of a 
transmitting end of the access request, and a transmission time of the access request." Claims 
68 and 69 thus ought to be allowable for at least those reasons discussed above with respect to 
claim 1 . 
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Conclusion: 

Accordingly, in view of the reasons given above, it is submitted that all of claims 1-4, 6- 
36, and 38-69 are allowable over the cited references. Allowance of all claims 1-4, 6-36, and 38- 
69 and of this entire application is therefore respectfully requested. 

If there are any formal matters remaining after this response, the Examiner is requested 
to telephone the undersigned to attend to these matters. 

If there are any additional fees associated with filing of this Amendment, please charge 
the same to our Deposit Account No. 19-3935. 



Respectfully submitted, 
STAAS & HALSdx LLP 




Date: 



stromas E. McKiernan 
Registration No. 37,889 



1201 New York Ave, N.W., 7th Floor 
Washington, D.C. 20005 
Telephone: (202)434-1500 
Facsimile: (202)434-1501 
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